In today's wired age, it is common knowledge that setting up one's own web page
is not a particularly difficult endeavor. Indeed, anyone who has run a broad-based
search through one of the major search engines has likely come across myriad
"homemade" pages created by individuals reflecting their personal
interests or some life ambition. To set up a web site, one really only needs
an Internet-connected computer, a web browser equipped with a basic text-editing
application and an Internet service provider (ISP) that offers web hosting for
its users. Such users are unlikely to seek legal advice, and the legal issues
that arise in relation to such sites tend to be limited to copyright and trademark
violations by the site creators.

E-commerce, however,
presents a wholly different challenge for the site creator and the legal practitioner.
The sophisticated nature of the technology required, the number of players involved
in setting up a site and facilitating transactions, the privacy concerns of
customers who may be giving the site information about themselves, and a host
of other realities of online business make effective legal representation critical
in this arena. In addition, e-commerce set-up often requires great speed due
to the nature of the industry, therefore adding an additional layer of complexity
that calls for even more vigilance and preparedness on the part of the legal
practitioners in structuring transactions and advising clients. This section
of the course will examine some general steps that most U.S. e-businesses will
follow in establishing an e-commerce site and explore the necessity or possibility
of legal representation at different critical junctures of the set-up process.

In setting up a website, the first step usually undertaken is registering a
domain name. A domain name is the unique address that guides a user's browser
to the computer on which the website resides. It usually consists of two elements,
the top-level domain (TLD) and the second-level domain (SLD - which some simply
refer to as the "domain name"). The most recognizable example of a
TLD is the familiar .com found at the end of many web addresses. In addition,
there is another set of TLDs reserved for specific countries. These are known
as the country code TLDs, or ccTLDs and include domains such as .jp for Japan,
.fr for France, and the much-ballyhooed .tv for Tuvalu. The administration of
these sites was given over to authorities in each nation, some of whom have
restricted registration to residents of that nation while others (most notably
Tuvalu) have opened registration to anyone willing to pay the price. Finally,
ICANN, the Internet Corporation for Assigned Names and Numbers (Website)(ICANN1),
recently selected seven new gTLDs from proposals submitted by private applicants,
including a new .biz TLD for businesses and .pro TLD for lawyers, physicians,
and accountants (Website)(ICANN2).
Registration in the new gTLDs is not expected to begin before the Fall of 2001.

A. CHOOSING A TOP-LEVEL DOMAIN (TLD)

Choosing a TLD
then is the first step in registering a domain name. There are many registry
services for the three unrestricted gTLDs, with a variety of prices and service
options available. One must closely review the terms of the registrar service
agreement policies. The domain holder's rights in a gTLD domain name are very
tenuous; most registrars reserve the right to revoke a domain registration at
their own discretion. And courts have only just begun to explore the boundaries
of domain names and property rights. In one of the few cases addressing domain
names as property, a state court in Virginia ruled that a domain name is a form
of intangible intellectual property subject to post-judgment creditor remedies
(Website)(Umbro).
The case was later reversed when the Virginia Supreme Court ruled that the domain
names at issue could not be garnished, but that court left open the question
of whether the domain names themselves could be considered property (Website)(Umbro
II) However, a subsequent Federal court decision (Website)(Dorer),
cast some doubt on property rights in domain names before the court ultimately
disposed of the case without definitively answering the question.

In addition, all
of the current open gTLDs (.com, .org and .net) must abide by a standard Uniform
Domain Name Dispute Resolution Agreement under which the domain holder is subject
to a mandatory resolution procedure if any trademark owner complains about the
domain name. For more details about the UDRP, see the course section on Disputes.
In the end, most commercial concerns usually register the same name in all three
gTLDs just to avoid confusing customers.

B.
CHOOSING A SECOND-LEVEL DOMAIN NAME (SLD)

The next step is to choose a second-level domain (SLD or 2LD), which is the
part of the domain name preceding the TLD. Common examples of SLDs include the
"Amazon" of Amazon.com and the "CNN" of CNN.com. Choosing
an SLD is something particularly important for those involved in e-commerce
as they think about branding and trademarks. This choice is best made with the
advice of trademark counsel. As most common words and short phrases have already
been registered as second-level domains in the unrestricted gTLDs, a business
may have to look to an unrestricted ccTLD or one of the new TLDs to register
a manageable and easily remembered name. To find out if a name is available
in the gTLDs, an e-business should use the VeriSign global registry service
Whois search (Website)(Whois).
In addition, each ccTLD has its own "whois" database but many are
searchable from Allwhois (Website)(Allwhois)
and Uwhois (Website)(Uwhois).

One is safest
when registering one's own trademark or tradename. If it has already been registered
by another party, consult the UDRP or local law for possible grounds to force
a transfer of the domain to you. If the other party has superior rights, or
if you have not yet established any legal right in the name you wish to use,
an important first step in registering a second level domain name is a trademark
search. Due to the focus on trademarks in the ICANN UDRP - under which a domain
name registrant may be forced to give up a domain name to its trademark holder
- it is crucial to make sure the domain name being registered is not a registered
trademark belonging to someone else. For a review of the ICANN dispute procedure,
see Diane Cabell, Using ICANN's UDRP (2000) (Website)(Cabell).

Virtually all domain registrars have a very simple search process to see whether
a name is available and many also have tools to help users find available domain
names containing similar words if the original choice is unavailable. After
finding an available domain name (top and second-level), most registrars give
registrants a choice of options in terms of pricing and duration. Registrars
may only grant domain names for fixed periods of time (Website)(ICANN3)
- with an option to renew when the period lapses - and most registrars give
options for different registration durations. Choosing a longer registration
period has the advantage of locking the registrant into a registration at a
price that will not rise, and some registrars offer discounts for registrations
of longer duration.

Different registrars
also may offer differing packages of services for additional fees. Network Solutions
(Website)(NSI),
for instance, offers hosting services for registrants. Some registrars do not
offer hosting, instead requiring the registrant to provide them with domain
name server (DNS) information before they will register the name. The easiest
road for those not quite ready to set up their websites is to choose a registrar
that offers free parking, which basically means that the registrar registers
the name without requiring DNS information and "parks" the name on
its server until the registrant is ready to use the name.

While many registrants
simply choose the first registrar they come to, the above options considered
in light of the user's needs will aid in choosing the best registrar. An equally
important consideration that is often overlooked, however, is the Terms of Service
(TOS) agreement, or the registration contract. Unfortunately, the registrars
are often the guilty party in this oversight, as TOS agreements require the
registrant to follow an often-subtle link; most registrars do not even require
the TOS agreement page to be accessed before processing an order.

After registering a domain name, most businesses will need to arrange for hosting
services. As hosting is a relatively new industry, the actual services offered
in a web hosting agreement vary from provider to provider, making it difficult
to generalize what, exactly, comprises hosting. In general, a host basically
stores web pages for a client and operates a giant switchboard of sorts that
connects web users' computers with requested pages from the hosted company.
Hosts generally facilitate such storage and connections by operating hosting
centers, large warehouse spaces that contain the computers on which clients'
web pages are stored and connect them to the Internet via high-bandwidth fiber-optic
lines.

A. ADVANTAGES
OF UTILIZING A HOST

While some companies may have the hardware, office space, and personnel resources
to create their own servers and host their own sites, utilizing a host and its
hosting center provides some distinct advantages over managing one's own server.
For one thing, outsourcing such services can save considerable money - hosting
often runs about one quarter of the cost of running one's own site (Website)(Wooley)
- in terms of the aforementioned resources. Utilizing a host may also decrease
the chances of problems due to security breaches, power outages, and the like,
if one selects a hosting center with round-the-clock security, back-up power
generators, climate controlled storage space, and buildings created to withstand
natural disasters. A final advantage of utilizing a host is speed - the proximity
of the server to the user is a major factor in transaction speed, although other
factors affecting speed such as bandwidth speed, server speed, and number of
hops may lead to situations where the closest server is not necessarily the
fastest. (Some European websites with primarily European visitors actually get
faster and cheaper connections by hosting in the U.S.). As hosting centers give
servers direct, high-capacity, and high-speed access to the Internet backbone,
using a host obviates the need to rewire one's physical place of business for
the necessary level of connectivity. Employing a host gives a client the advantage
of faster connectivity to users/consumers who are located far from the headquarters
of the company. Using a host also allows a business to set up a number of alternative
servers in various locales in order to bring greater speed to a greater number
of people.

B. LEGAL ISSUES IN HOSTING AGREEMENTS

While registering
a domain name can and is often done without legal representation, the many legal
issues arising in the context of a hosting agreement make the services of a
transactional lawyer a necessity. This is especially important considering the
somewhat vague definition of what is included in hosting, as the practitioner
must make certain that all of the e-commerce client's needs are met when drafting
a hosting agreement or making changes to boilerplate hosting agreements. There
are several major areas that require special attention to detail when structuring
such deals, including: equipment, maintenance, service stoppages, security,
and allocation of risk. Part 3: Consumer Privacy
reviews some of the issues concerning collection of personal data by hosts.

A major issue in the Internet context is determining who can be held responsible
for wrongful acts on the part of Internet users. Should only the user who actually
commits the act be held liable, or should the Internet service provider or website
operator be held liable for the wrongful acts of its users? These questions
take on particular significance for an e-business when considering different
options for a website. Offering consumers the ability to post reviews of products
or participate in chat room or bulletin board discussions raises such issues
of liability. When looking at hosting relationships as well, there is a question
whether hosts can or should be held liable for wrongful acts of the parties
it hosts. Courts have taken different approaches to address these issues, relying
on common law principles, case law precedents, and statutory provisions.

The first major
case to arise in the realm of ISP liability was Cubby v. CompuServe (Website)(Cubby).
Cubby involved a situation where allegedly defamatory statements regarding the
plaintiffs were published on a CompuServe bulletin board, resulting in suit
against both the content developer and service provider (CompuServe). In granting
summary judgment for CompuServe, the district court emphasized the fact that
CompuServe had no editorial control over, or even knowledge of the contents
of, the statements published and therefore acted as a mere distributor of the
materials available on its message boards and other online fora. The court relied
on general principles emanating from the First Amendment (as interpreted in
analogous cases dealing with traditional media) to rule that a distributor cannot
be held liable for distributed publications containing defamatory statements
if it neither knows nor has reason to know of the allegedly defamatory statements.
The rule established in Cubby thus provided an incentive for ISPs to remain
ignorant of the actual contents of the publications on its network in order
to be considered a distributor immune from liability.

The next major
development in the realm of ISP liability came in the case of Stratton Oakmont,
Inc. v. Prodigy Services Co. (Website)(Stratton).
In that case, the court held that the Internet service provider Prodigy could
be held liable for libelous statements posted on a bulletin board it operated
by anonymous users, even though it was not aware of the statements. Key to the
court's analysis was that the ISP in this case was more akin to a publisher
than a distributor, and was therefore not entitled to special protection under
the defamation law. The court further reasoned that because the ISP made representations
to the public concerning its regulation and screening of content on its bulletin
boards, it was exposed to greater liability than an ISP not making such representations.
In the court's opinion, the fact that Prodigy screened only for indecent and
obscene content and not defamation was of no consequence. This case could be
reconciled with Cubby - and indeed, the court relied on Cubby to reach its outcome
- due to the fact that the ISP here attempted to exercise editorial control.
However, the reasoning led to the seemingly perverse result that service providers
who actually made an effort to police their sites would be judged more harshly
than those who chose to remain totally ignorant.

A.
THE COMMUNICATIONS DECENCY ACT (1996)

Congress attempted to address the issue raised in the Stratton Oakmont case
through the Communications Decency Act (CDA) (Website)(CDA)
of the Telecommunications Act of 1996 (Website)(TelecomAct).
Although the main thrust of the CDA, which attempted to regulate indecent content
on the Internet, was eventually struck down as violative of the First Amendment
(Website)(Reno),
a safe harbor provision dealing with ISP liability was left intact. That provision,
47 U.S.C. §230(c) [Website)(§230(c)],
was drafted to explicitly overrule decisions such as Stratton Oakmont by not
subjecting those ISPs that made an effort to screen content to stricter liability
than those who made no effort at all (Website)(Record).
The provision, which is also known as the "Good Samaritan" defense,
states: "No provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information provided by another information
content provider" [Website)(§230(c)(1)].
The subsection goes on to preclude civil liability for ISPs attempting to regulate
or block access to offensive content [Website)(§230(c)(2)].

These surviving
provisions of the CDA played a prominent role in the case of Zeran v. AOL (Website)(Zeran).
In that case, a user pretending to be Mr. Zeran posted comments on an AOL message
board, offering T-shirts with offensive and tasteless slogans regarding the
Oklahoma City bombing, which had occurred just days earlier. The posting, which
included Zeran's phone number, resulted in a large volume of angry phone calls,
including death threats. While AOL personnel removed this original posting when
Zeran notified them, they refused to publish a retraction, and subsequent postings
offering merchandise with even more offensive slogans soon followed. The problem
was exacerbated when an Oklahoma City radio station broadcast Zeran's phone
number and encouraged listeners to call him and let him know what they thought
about his offer.

Zeran's suit against
AOL claimed that the ISP had failed in its "duty to remove the defamatory
posting promptly, to notify its subscribers of the message's false nature, and
to effectively screen future defamatory material" (Website)(Zeran,330
). AOL relied on 47 U.S.C. §230 as an affirmative defense, and the
trial court granted its motion to dismiss. In upholding the district court's
ruling, the 4th Circuit explored Congress' intent in passing this section of
the CDA:

The purpose
of this statutory immunity is not difficult to discern. Congress recognized
the threat that tort-based lawsuits pose to freedom of speech in the new and
burgeoning Internet medium Faced with potential liability for each message
republished by their services, interactive computer service providers might
choose to severely restrict the number and type of messages posted. Congress
considered the weight of the speech interests implicated and chose to immunize
service providers to avoid any such restrictive effect. (Website)(Zeran
330-331)

The court went
on to suggest that §230 of the CDA was drafted to respond to and overrule
Stratton Oakmont, seeking to remove the disincentives to self-regulation that
resulted from that line of reasoning. Along these lines, the court also rejected
Zeran's claim that the rules applying to a distributor, as opposed to a publisher,
should apply to AOL in this case, arguing that such a conception would defeat
the purpose of the statute. While the Zeran court thus recognized the broad
sweep of ISP immunity under the CDA, it did stress that the Act allows an injured
party to seek redress from the individual responsible for the injury. Zeran,
however, was unable to identify the defamatory poster and therefore was left
without an easy remedy.

Congress again addressed the issue of ISP liability through legislation in the
Digital Millennium Copyright Act (DMCA) of 1998 (Website)(DMCA),
which revised portions of the existing federal copyright law and added new provisions.
Title II, §202 of the DMCA, which was incorporated into the copyright code
as 17 U.S.C. §512 (Website)(§512),
addresses limitations on liability relating to copyrighted material online.
Specifically, the provision grants an ISP immunity for possible copyright violations
as a result of transitory digital network communications, system caching, storage
of copyrighted materials by users in ISP storage space, and directing users
to particular locations (through links, directories, or other tools). While
the first two of these provisions attempt to address copyright issues that arise
specifically due to technological processes (such as passively forwarding network
traffic on the way to its ultimate destination), the second two touch more broadly
on traditional issues of contributory or vicarious liability for copyright infringement
that have closer analogues in the non-digital world.

The immunities
granted in these DMCA provisions are subject to numerous conditions that make
the law somewhat convoluted. The most basic and important of these conditions
are that the ISP have no knowledge of the infringing conduct of its users (or
infringing nature of its own links) and that, once an infringement is discovered,
it take steps to expeditiously remove infringing material and suspend service
to the infringing party. In this way, the DMCA offers a safe harbor to ISPs
by withholding liability for infringement from ISPs that have no knowledge of
an infringement. When infringement is discovered, the ISP can remain within
the safe harbor and escape liability by promptly following the specified procedures
for removal or diabling of access once it is notified of the infringement. While
this safe harbor combines with the protections of the CDA to give a broad immunity
to ISPs, the DMCA provisions may have the ancillary effect of impinging upon
free speech by encouraging more stringent actions to be taken by ISPs against
alleged infringers in an effort to remain within the safe harbor.

What does all this mean for the e-business? First of all, an e-business that
does not have its own fully self-sufficient infrastructure needs an ISP of some
sort, and these case law precedents and statutory provisions will clearly effect
e-business-ISP relations. Even the most self-sufficient e-businesses, usually
utilize an upstream service provider of some sort. Furthermore, to the extent
that an e-business takes on attributes of an ISP, these precedents and provisions
may apply directly to the e-business as a service provider. For most e-businesses,
the host will be the ISP and issues of ISP liability that arise may be incorporated
into a hosting agreement. The default rule set forth by the CDA and the cases
interpreting it in regards to defamatory or obscene content will immunize the
host from liability for an e-business' wrongdoing in publishing such content.
While a specific hosting agreement certainly may be drafted to reallocate the
liability in these cases, there is little incentive for the host to do so and
the e-business itself is clearly in the best position to regulate its content.
These considerations make it likely that the default rule will be followed.

The DMCA safe
harbor provision presents an opportunity for a practitioner to draft specific
contractual provisions for a hosting arrangement to address the execution of
the statutory processes. Because the DMCA safe harbor may give ISPs an incentive
to overreact in shutting down sites that are allegedly infringing, an e-business
may wish to modify a hosting agreement to allow recovery for damages due to
improper termination of service (i.e. termination when there was no infringing
content or other infringing activity). An e-business may also wish to draft
contractual language concerning the processes by which a host ISP may shut down
service. For instance, an agreement could require notice of pending termination
to be given to the e-business and provide for a specific period of time to cure
the allegedly infringing conduct prior to termination or suspension of service.
Such contractual provisions regarding recovery for improper termination or the
process of termination can be a powerful tool to blunt the blow upon content
providers and other Internet users by the DMCA and its encouragement of vigilance
on the part of ISPs. It should be noted however, that contractual provisions
that work within the contours of the DMCA and attempt to reach agreement on
the ambiguous interpretive junctions of specific statutory provisions will be
more likely to withstand challenge, as the federal statute may be found to preempt
any explicitly contrary contractual language in court proceedings. This is particularly
important considering the rights of third parties (copyright holders) are involved
in these types of cases.

The other main
situation in which an e-business may be affected by issues of ISP liability
is that in which the e-business itself takes on the attributes of an ISP, opening
itself up to potential liability for the acts of its users. This process of
an e-business taking on the characteristics of an ISP is common for those websites
that offer users more interactive services. An e-business may find it advantageous
to give its customers fora, such as chat rooms, to discuss products and other
topics related to the e-business. Or it may wish to allow its customers to post
product reviews that potential buyers can then access. These chat rooms or review
areas may be used in a manner that injures third parties - ranging from the
posting of defamatory content to copyright infringement (either direct posting
of copyrighted material or contributory infringement by posting sites where
copyrighted material can be illegally obtained).

Assessing whether
an e-business can be held liable for such acts of its users depends on the construction
of the statutes at issue. The courts have explored the contours of the CDA and
DMCA and their applicability to websites in several major cases.

Like hosting,
web design and programming is something that can be developed by in-house personnel
or can be outsourced. While most businesses take advantage of the benefits of
outsourcing the hosting of servers, web design and, to a lesser extent, programming
are often kept in house for several reasons.

Web design is the most crucial aspect of an e-commerce business. The website
is where customers interact with the business and buy products; in some instances
(as with purely content providers), the website itself is the product. Another
reason many companies keep web design and programming in-house is because the
Internet economy in general and e-business specifically often calls for rapid
changes - both in the content and design of websites. In terms of content, it
may often be the case that an e-business needs to add updated products or product
information to its website, either as part of the regular course of business
or in response to some particular event in the market. For design in general,
it will often come to the attention of those running an e-business that a particular
new web design or layout of the site would be more attractive to customers or
make the site easier to use. It may also come to the attention of those running
the business - often in the form of customer complaints - that there is some
sort of problem with the functionality of the site or its general layout. Keeping
an in-house team of programmers/designers allows the e-business to respond to
these stimuli quickly and keep the business running smoothly, which may not
be possible if the services are outsourced due to lack of personnel, time or
urgency on the part of the contracted designers and programmers.

However, it is
not always feasible for every business to keep a fully equipped in-house design
and programming team. Some small businesses may not have the budget or the pressing
business need to develop their own programmers. Large businesses may choose
to outsource certain aspects of the design and programming services, such as
graphic design, editing, and backend software development. Many of these oft-outsourced
services have to do with design and programming aspects that are not site-specific.
One reason for this is the idea that an outside party may not fully understand
the vision and purpose of the e-business, so should work only on the more generic
aspects of design and programming. In other cases, it may not be cost-effective
to develop one's own designers/programmers for things that are not site-specific.
For instance, a site in need of graphics for its website may hire an outside
graphic designer to develop pictures and icons. Outside programmers are often
hired to implement credit card verification systems, inventory and archiving
systems, and internal search engines. The more mechanical an aspect of website
functioning, the more likely it is to be outsourced. Thus, much programming
outsourcing is geared towards backend functionality and internal aspects that
keep a website running smoothly behind the scenes.

B. WEBSITE DEVELOPMENT AND INFRINGING CONDUCT/CONTENT

As with hosting, when programming and design services are outsourced, the e-business
and its attorney must undertake an analysis regarding allocation of risk and
responsibility through the services contract. Two main areas in which there
can be problems are liability for copyright or trademark infringement and service
disruptions or other problems due to malfunctioning programming. In terms of
copyright, an e-business should communicate to a hired designer that all graphics,
photographs, and text used on the website must be original or in the public
domain. As most of the photographs and graphics currently used on websites and
in print media are copyrighted, the e-business practitioner must diligently
attempt to determine whether non-original graphics/photos used by an outside
designer are truly in the public domain. The attorney should also be aware of
the fair use doctrine (Website)(§107)
as it may be useful in excerpting portions of texts (a favorable review of the
business' website or products, for instance) or other copyrighted media - although
it should be noted that use of copyrighted materials for commercial purposes
enjoys less latitude in fair use analysis than non-commercial use (Website)(Sony).

While these copyright concerns apply equally to businesses that design their
own websites, it is important to note that contracting the work out will not
save the website publisher itself from escaping liability for any infringement,
due to the basic tort concept of vicarious liability. One possible way around
this is to create a contract that specifically puts the burden of noninfringement
on the contracted designer and holds it liable for any infringement. This does
not absolve the publisher from copyright infringement, however, and a business
may be limited to seeking post-judgment contribution from the designer or may
be left to satisfy a judgment if the designer is insolvent or otherwise judgment-proof.
While such contractual language is still better than nothing, perhaps the best
technique to employ is to carefully check a contracted designer's work or avoid
using non-original content at all.

Programming malfunctions and other associated problems can also be handled through
contracts between the e-business and its hired programmers. To the extent that
any such problems adversely affect customers (as in overcharges on credit cards,
failure to register sales and ship products, etc.), there are similarities to
the copyright context regarding satisfaction of a wronged third party. This
is a particularly grave concern when problems with programs result in security
breaches, which may lead to anything from a hacker putting offensive material
on a business' website to the release of personal information or credit card
numbers. Once again, when drafting a contract between an e-business and outside
programmers, an attorney should be aware of possible problems that may result
from faulty or otherwise malfunctioning programs. Contracts should consider
a mechanism to address unforeseeable problems should they arise and arrange
for necessary modifications to remedy them, as well as remedies for substandard
or negligent programming. When hiring outside programmers, e-businesses should
inquire into past problems with the programmers' work and their general service
records and customer satisfaction in order to make an informed judgment about
the likelihood of problems and potential adverse effects on customers. However,
it should be recognized that programming is an ever-changing field and therefore
never free from errors; this should also lead the e-business to implement contingency
plans for problems due to program malfunctions and have mechanisms in place
to remedy such problems immediately.

See Security
for more information about external threats to website integrity.

D.
SOFTWARE LICENSING AND WORK-FOR-HIRE CONTRACTS

Another aspect of programming that warrants brief mention for its legal implications
is programmers' use of software and software licensing. For instance, a website
may wish to use automated software for matching users up with products, but
the contracted programmer is unable to develop a program due to budgetary or
technological constraints. In such a case, the e-business or its programmer
may look into commercial software available to meet this need. As most software
requires a license for each distinct use, an e-business should make certain
to pay for the license for the use of such software by its hired programmers.
While this will increase the cost of programming services, it is important to
ensure the software is being used legally so as to eliminate any possible cause
of action by the software rights holder. The cost of these licenses may be charged
in the services agreement with the programmers or the e-business can exercise
more caution and arrange to pay the software licensing fees directly to the
software developers. The latter option would prevent the e-business from assuming
any liability in the case of an unscrupulous programmer who charged for software
licensing fees but did not pay the software developers. Of course, this is may
not always be a concern, as many programmers use their own software and certain
software is in the public domain. In drafting a programming arrangement, the
diligent attorney should inquire into the software to be used and make sure
any needed licenses are obtained.

In addition to
respecting others' rights in their software, it is important for an e-business
to take measures to protect the software and other materials (including the
web page itself, databases, etc.) developed for the e-business itself. All free-lance
and other contract work should be done on a "work-for-hire" basis
which, when specified in advance by the parties in their written agreement,
allows all copyrights in the contractor's work to vest automatically in the
e-business. If such agreements are not executed in advance, then the material
belongs to the contractor and the e-business must obtain a written license to
use the work on the website, or preferably an outright assignment of all rights.
The work-for-hire rights automatically accrue to employers when the creation
of the website material is required as part of the employee's job duties.

In order to be successful, an e-business must engage in advertising and marketing.
These areas have more in common and substantial crossover with their counterparts
in the traditional bricks and mortar business world than the more technology-specific
concerns above. However, advertising and marketing in the online medium also
raise considerable novel issues of which the e-commerce practitioner should
be aware. This section will highlight some common modes of advertising and marketing
online and examine some legal issues that may arise in those contexts. (Note:
This section will not deal with advertising and marketing through traditional
media such as television and radio, billboards, mass mailings, etc.).

A. ADVERTISING

Advertising one's e-business online usually takes one of two forms: 1) the purchasing
of advertising space on another's website, or 2) swapping advertising space
with another business or participating in an general advertising exchange program.
Purchasing advertising on another website requires an e-business to determine
its potential/desired customers and find an appropriate site through which to
reach them. Advertising and marketing online offer e-businesses the advantage
of reaching a well-defined target audience easily by buying space on websites
whose visitors are in the same demographic as those sought as e-business customers.
Websites are able to gather varying amounts of information about the types of
visitors to their site (as will be discussed in Part
3: Consumer Privacy) with sites requiring registration or subscription particularly
adept at gathering detailed information. This offers a distinct advantage over
the types of data that can be gained from other media such as television and
radio - instead of merely determining that a program is predominantly reaching
the 18 to 25 year-old male demographic (a favorite group of television and movie
executives), websites can give a more detailed breakdown of their audiences.
This information can include age, sex, race, nationality, and other categories
that make targeted advertising and marketing a reality - meaning less money
is wasted going after groups to whom the e-business is not really catered. (Note:
Gathering such information can raise significant privacy concerns; see the forthcoming
course section on Privacy). Websites also can give potential advertisers information
about the volume of traffic to their sites and therefore the size of the audience
that will be reached by the advertisements.

A preliminary step in finding advertising space is thus determining what types
of websites attract users who would be potential customers of the e-business.
In some cases this may be easy - a golf news website would be a good fit for
an online seller of golf equipment - while in other cases more research will
need to be done to determine a good fit between advertiser and host. Most large
websites have links to general advertising information and contact information
for their advertising sales departments. Prospective advertisers can then make
appropriate inquiries into the audience they would reach by advertising on a
particular website, the costs of advertising, etc.. One other option is to go
through a large-scale advertising service, such as DoubleClick (Website)(DoubleClick),
that offers advertisers access to a network of partner websites in different
categories. Such services act as middlemen, bringing together advertisers and
those with advertising space in similar fields, eliminating many of the transaction
costs associated with searching for individual advertising hosts. Utilizing
such a service also will likely increase the audience the advertisement reaches
by displaying a client's advertisement across a wider array of host sites, although
this may come at the expense of reaching a more narrowly defined target audience.

Legal issues in renting advertising space mainly involve the agreements between
advertiser and host. An e-business may have different options in structuring
these agreements, such as choosing to pay a fixed price for advertising for
a particular period of time, paying the host on a sliding scale depending on
the amount of traffic to the host site or actual clicks through to the targeted
(advertising) site, or paying the host a commission on sales made as a result
of the ad. Issues concerning ad placement, number of views, viewership guarantees,
ad tracking, and click-through fraud prevention should all be spelled out in
the advertising agreement. As an e-business' advertising needs are sure to change
over time, an agreement should also contain provisions regarding changing one's
advertisements during the course of the contract; such a provision also allows
changes to be made in response to consumer complaints/feedback. The advertising
host likely will want to include in the agreement clauses indemnifying it in
certain situations. These situations - which should also be kept in mind if
the e-business itself decides to sell advertising space - include copyright
and trademark infringement as well as cases involving fraud or misleading advertising.

Copyright and
trademark infringement issues may arise as a result of infringement directly
in the displayed advertisement itself or by linking through the advertisement
to a site that contains infringing works. In the former case, the infringement
itself is posted on the host site and the host is therefore potentially liable
for copyright infringement (Website)(Fausett).
The case of advertisements linking to a site that contains a copyright or trademark
infringement may give rise to a claim of contributory or vicarious infringement
against the linking party. Contributory copyright infringement results when
"one who, with knowledge of the infringing activity, induces, causes, or
materially contributes to the infringing conduct of another" (Gershwin).
The U.S. Supreme Court has also acknowledged the doctrine of contributory copyright
infringement (Website)(Sony,
435). To deal with these situations, the parties should agree upon which
party will be held liable for such infringement, as well as create a plan of
action in the case that a possible infringement is brought to the attention
of the host or advertiser.

In addition to advertising, many e-businesses also reach potential customers
via email. Contacting customers through email usually takes two forms: targeted
emails directed at past customers or registered users of an e-business, or mass
emails sent to a mailing list usually compiled by a third party. Many respected
e-businesses use the first form of targeted emails to customers or registered
users in order to keep these consumers apprised of new developments at the e-commerce
site, such as new products, sales/promotions, or a new version of the website.
When registering at a website (usually for the promise of greater access to
information, products, etc.) or when purchasing a product, most e-businesses
usually ask for a customer's email address and other basic information (more
information is usually required when purchasing a product because of the need
for shipping and credit card information). A common technique of many e-businesses
is to have email offerings included in the options when a visitor signs up as
a member of the website or purchases a product. Visitors are often given the
option to receive regular newsletters from the e-business, emails regarding
sales or promotions at the website, and a variety of other choices. These options
are offered through a series of boxes that show a preference for the service
offered when checked. A common ploy of websites to get visitors signed up for
the services is to have all the boxes checked as the default, leaving the visitor
to uncheck the boxes representing unwanted services. This is an example of an
opt-out system - the consumer is required to take active steps to opt out of
the plan of services; the passive consumer receives the emails as the default.
The other option would be an opt-in plan, whereby the consumer who wished to
receive emails would have to take active steps (i.e. checking the boxes) to
get on the mailing list. In such an opt-in scheme, the passive consumer receives
nothing as the default.

The question of
whether to use an opt-in or opt-out scheme for targeted emails is a sensitive
one that brings in questions of consumer expectations and privacy. An opt-out
scheme may seem invasive to some consumers because they end up receiving emails
for which they did not explicitly sign up. However, the user's feeling of inconvenience
is probably less in this case than it is in the case where the user simply received
unsolicited mail from a website or e-business with which he or she had no prior
contact. This is largely because the consumer has already taken active steps
to develop a relationship with the e-business, either by signing up as a registered
member or by purchasing a product. Due to this relationship, the consumer has
or should have more of an expectation that the e-business will contact him/her
in the future and should not be put out by receiving emails from the e-business.

Of course, the e-business should use discretion and good business judgment in
sending emails - consumers are a lot less likely to be rankled by a bi-weekly
email than a daily newsletter or other persistent contact that may lead to annoyance.
And an e-business should always make it clear in the email sent that the consumer
has the option to opt out of the email service by sending a reply email to unsubscribe
from the periodic mailings or by visiting the website to take an email address
off the mailing list. Making it difficult to opt out of the mailings or not
taking people off the list who wish to be removed may lead to people feeling
harassed or invaded and result in a complaint against the offending website.
Some e-businesses may make the decision that they wish to play it safe and not
offend anyone, and therefore use a strict opt-in sign-up system for marketing
emails. Most, however, will find it is worth losing a small percentage of upset
customers for the ability to reach more users than they would be able to with
an opt-in scheme. Even if most who receive the marketing emails simply delete
them, it may be worth it to send them to reach those who do read them and to
take a chance that a catchy subject line can get the deleters to read the messages
from time to time. In the end, an opt-out scheme probably will lead to a greater
audience for these marketing emails and will typically not be considered unduly
invasive due to the consumer's pre-existing relationship with the e-business,
but the business should make certain that recipients who do not wish to receive
emails have a quick and easy method of unsubscribing from a mailing list or
otherwise opting out of the service. An e-business should not take lightly the
potential for a strong negative reaction on the part of consumers due to the
receipt of unwanted email.

The other major type of email marketing involves sending unsolicited emails
to mailing lists compiled by a third party or an e-business itself. Unsolicited
emails such as these raise significant concerns that do not arise where the
parties have a prior connection. This type of system goes beyond a mere opt-out
system in pushing emails upon potentially unwilling recipients because the recipients
have no pre-existing relationship with the entity sending the emails. Due to
this lack of a relationship, the emails are more likely to be viewed as an invasion
of a consumer's privacy or as a form of harassment. Such unsolicited emails,
also known as spam, are generally considered a form of junk mail and are typically
utilized by and associated with pornography websites, get-rich-quick schemes,
and generally solicitous and invasive businesses. The annoyance to, and resulting
outrage of, recipients, as well as the stigma of being associated with a certain
type of business entity is enough to steer many e-businesses away from utilizing
spam, but there are legal considerations that militate against such practices
as well.

In the case of
Intel Corp. v. Hamidi (Website)(Hamidi),
a California Court issued an injunction against a former employee of Intel who
was sending unsolicited emails to Intel employees regarding the company's employment
policies. The court based its ruling on a trespass theory, suggesting that such
emails were tying up the computing resources and time of Intel employees and
therefore causing material loss to the corporation. While this case involved
a somewhat different factual situation than one where an e-business spams a
wide range of potential customers, it does show that certain forms of abuse
will not be tolerated and that spamming can be illegal in certain circumstances.

While courts have thus relied on existing legal doctrines to find some spammers
guilty of unlawful conduct, recent proposed legislation in the states and in
the U.S. Congress would explicitly make certain actions involved with spamming
illegal. Because many ISPs have anti-spam measures and take steps to block spam
coming from particular addresses or computers, many spammers jump from account
to account to avoid detection and being shut down. The new proposed bill, the
"Anti-Spamming Act of 2001" (Website)(Anti-Spam
) provides for criminal penalties for Internet users who falsify their email
addresses in this manner in order to send spam. The bill, whose sponsor views
spam as a substantial burden on Internet users whose connections are adversely
affected by the volume of commercial junk mail received, allows for monetary
fines and damages awards against generators of spam. Several previous efforts
to regulate spam by state lawmakers have been struck down on the theory that
such measures, as state laws affecting interstate commerce, violate the Commerce
Clause of the U.S. Constitution (Website)(Clause),
which gives Congress sole power to regulate interstate commerce (Website)(Kaplan).
As the new proposed legislation would be passed by the U.S. Congress, it does
not suffer this Constitutional deficiency.

In addition to
legal issues raised by reaching potential customers through unsolicited emails,
there are other measures taken to prevent Internet users from receiving spam
that may adversely affect an e-business attempting to utilize mass mailings.

In the end, the
threat of an e-business' emails being blocked by a private service, triggering
penalties under the proposed federal statute, or causing loss of business due
to annoyance to potential customers leads to the conclusion that mass unsolicited
mailings are an unwise (and potentially illegal) marketing method to be employed
by an enterprise. Furthermore, promoting an e-business via spam may also constitute
a breach of the company's ISP/host agreement and result in termination of service.
The best way to reach customers therefore is through the aforementioned techniques
of advertising or using targeted email directed at past customers or registered
users of a website.

If an e-business wishes to reach a wider audience via email, the best way to
do so may be to partner with another entity that sends targeted emails to customers
and is willing to add an advertisement or link to the e-business' website, in
exchange for similar concessions or some other consideration. If such a plan
is followed, the businesses involved should make it clear to customers in the
agreement to receive emails (the box checking form discussed previously) that
their emails may contain information about its partners and affiliates. A decision
to enter such an agreement should account for potential adverse customer reactions
(depending on the level of perceived intrusion) and any implementation of the
agreement should always offer the recipient to opt out of some or all of the
services.

C. SEARCH ENGINES

Perhaps the most effective and cost-efficient means for an e-business to reach
potential customers is through search engines, a method by which many consumers
are matched up with businesses offering products or services they desire. There
are two major types of search engines: web directories and engines utilizing
spiders or web crawlers to catalog websites. Directories generally work by soliciting
websites for inclusion in a web directory, which is then searched by users.
In this sense, it is an active process that requires affirmative action on the
part of an e-business in order to get listed in the directory. The most well
known web directory is Yahoo! (Website)(Yahoo!),
which accepts submissions from websites to be included in a particular category
under the Yahoo! organization scheme (Website)(Suggest).
Simply suggesting a site does not guarantee immediate inclusion in the Yahoo!
directory, however, as Yahoo! must review the site prior to its inclusion to
determine whether it is in the appropriate category and whether it is appropriate
to include the website at all.

Search engines that utilize spiders or web crawling technologies to catalog
websites operate in a very different manner than web directories. These engines
use technological means (often called robots or spiders) to scour the web and
then catalog the websites in their engines to be pulled up when matched with
user search terms. An example of a popular search engine that utilizes such
technology is Google (Website)(Google),
which uses its Googlebot web crawler to explore the vast offering of web pages
available on the Internet and index them for use in its search engine. This
offers an advantage to e-commerce sites over directory services in the sense
that no affirmative action is necessary to have one's website listed; the web
crawlers automatically add all cataloged sites to the search engine's index.
In addition, some robot-based engines, such as Google, offer submission of URLs
for faster addition to their indexes (Website)(Submit).

In contrast to
the early days of search engines, the ability to purchase higher rankings on
the top search engines no longer exists. Understanding the ranking systems of
search engines, however, allows an e-business to take measures in several major
areas to ensure higher placement. These areas include click popularity, stickiness,
link popularity, and page-related factors such as tags and keywords.

Click popularity is a measure of the number of times search engine users click
on a particular site when it is returned as a result of a search. The greater
the number of users who choose a particular site, the higher ranking it will
have. DirectHit (Website)(DirectHit),
a search engine whose technology is used by a number of other major search engines
(including Lycos at http://www.lycos.com,
HotBot at http://www.hotbot.com,
and MSN at http://www.search.msn.com),
utilizes a unique ranking system that incorporates click popularity to match
users up with the most popular sites in the search field. The DirectHit ranking
scheme also incorporates the related concept of stickiness, which is a measure
of the length of time users spend at a site once they click through to it from
a search engine. The greater the stickiness, measured by the length of time
between clicks on different results of an original search, the higher the ranking
the engine gives the website. In order to achieve greater click popularity,
an e-business should look to have a good, descriptive title that sets it apart
from other sites. As users of search engines see only a title and brief description
(either based on a submitted description or the first lines of text on the website)
when results of a search are returned, the title and description should be tailored
to entice viewers or otherwise set one's site apart from others' sites. As to
stickiness, the layout of one's website and the overall design will be very
important to users when determining how much time to spend at a site. The greater
the extent to which an e-business can further draw users into its website, the
greater the stickiness will be and the higher the ranking. When designing a
site or overseeing the work of outside designers, an e-business should consider
factors influencing stickiness, such as general layout, ease of navigability,
functionality, and frequency of site updates. Self-audits measuring stickiness
can often be performed by hosting services, from which an e-business can gain
valuable information regarding its visitors and how long they stay, allowing
tailoring of a website to increase stickiness by better meeting its visitors'
preferences and computing needs.

Link popularity
is very important in certain search engines' ranking schemes, particularly Google's.
This metric basically measures the number of links to a website from other websites,
giving higher rankings to sites with more links to them from other websites.
In addition to measuring sheer numbers, certain ranking schemes (most notably
Google) take into account the origin of the links, weighing links from more
highly rated pages greater than those of lesser-ranked pages. Thus, a link to
one's website from CNN.com is given more weight than a link from Joe Smith's
News of Wichita. The effect of link popularity on ranking schemes thus may influence
marketing plans when determining affiliate and partnership agreements with other
websites, as well as different advertising strategies.

Page-related factors
deal less with viewer's perceptions of a website and more with how a search
engine reads the internal placement of keywords in the text of a website and
use of meta-tags in web programming. In this sense, while the above factors
more heavily influence the ranking or placement of a site on a results page,
the page-related factors are the gatekeepers for whether a site is returned
as a result in a search at all. An e-business website thus must reverse-engineer
searches in a way, making a determination of how users will get to the site
through a search engine or how it wishes these users to get to its site. The
main way to ensure that users get to one's site is to create a set of keywords
that describe the content and product offerings of the website.

Practitioners
and e-businesses alike should be aware that a large number of cases have arisen
involving meta-tags and trademark disputes. Many of these cases have involved
situations where, in an effort to drive traffic to their sites (and away from
competitors), web developers have used the trademarks of competitors in their
meta-tags. One major case involving such a dispute was Playboy Enterprises,
Inc. v. Welles (Website)(Playboy).
The defendant in that case, a former Playboy model, used the plaintiff's trademarks
such as "Playboy" and "Playmate of the Year" as keywords
in her website's meta-tags. Playboy claimed that the use of these trademarks
by her site, which was a competitor to Playboy's own website due to its adult
content, constituted trademark infringement. The court, however, granted summary
judgment for the defendant, ruling that, as a former Playboy model and Playmate
of the Year, defendant was entitled to use the trademarks to identify herself
as such under the fair use exception to the trademark doctrine (Website1,
Website2)(§1115(b)(4)
and 1125(c)(4)).

In other cases
where a fair use defense has not been available, however, the competitor's use
has been found to constitute an infringement. In Brookfield Communications,
Inc. v. West Coast Entertainment Corp. (Website)(Brookfield1),
the defendant used the plaintiff's trademark "MovieBuff" in both its
domain name and meta-tags. The appellate court reversed the district's court
denial of a preliminary injunction for the plaintiff, ruling that irreparable
injury would likely result from the defendant's continued use of the trademark
in the domain name and meta-tags. On the meta-tag issue, the court stated that
while "West Coast can legitimately use an appropriate descriptive term
in its metatags," plaintiff's trademark MovieBuff was "not such a
descriptive term" (Website)(Brookfield2).
Plaintiffs have prevailed on motions for preliminary injunctions in similar
cases involving the use of plaintiffs' trademarks in defendant competitors'
meta-tags (Website)(Roberts).

These cases sound
a stern warning to e-businesses thinking about using competitors' trademarks
in meta-tags. However, they should not prevent an e-business from using in its
website text terms that may be trademarked but are used for descriptive purposes
in accordance with trademark's fair use doctrine. To this end, an e-commerce
practitioner should be familiar with the relevant sections of the trademark
code dealing with fair use [Website1,
Website2)(§1115(b)(4)
and 1125(c)(4)] and run a trademark search (Website)(TESS)
on any potential keywords that may be trademarked by a competitor. And to the
extent that these issues will be encountered in website development, a web development
agreement should incorporate an e-business' policies regarding tagging for search
engine placement.

Like any business venture, developing an e-commerce website involves contributions
by a wide variety of parties and engenders important legal considerations that
have the potential to derail even the most well-intentioned entrepreneur. The
above discussion of domain name registration, hosting, website development,
security, and marketing and advertising is meant to highlight some of the major
issues e-businesses will face in getting up and running. The list is by no means
exhaustive and every e-business will encounter a different set of circumstances
that may require additional issues to be addressed or the same issues to be
addressed in different ways. The remainder of the course will take a more in-depth
look at particular legal issues in the e-commerce context, including transactions,
consumer privacy, and disputes.

See
Network Solutions, Inc. v. Umbro Int'l Inc., 259 Va. 759, 770 (2000) ("[W]e
do not believe that it is essential to the outcome of this case to decide whether
the circuit court correctly characterized a domain name as a 'form of intellectual
property.'"), available at http://www.gigalaw.com/library/nsi-umbro-2000-04-21-p1.html
(back to text)

See
17 U.S.C. §107 (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/1/sections/section_107.html
(back to text)

See Sony Corp. v. Universal City Studios, Inc., 464
U.S. 417 (1984) (Discussing the importance of whether a use of copyrighted material
was commercial or non-commercial in determining whether such use was fair),
available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=464&invol=417
(back to text)

See
Sony at 435 ("[T]he concept of contributory infringement is merely a species
of the broader problem of identifying the circumstances in which it is just
to hold one accountable for the actions of another.") (back
to text)

See
Carl S. Kaplan, In Spam Case, Another Defeat for State Internet Laws,
NEW YORK TIMES CYBER LAW JOURNAL, Mar. 24, 2000, available at http://www.nytimes.com/library/tech/00/03/cyber/cyberlaw/24law.html
(back to text)

U.S.
CONST. art. I, §8, cl. 3, available at http://caselaw.lp.findlaw.com/data/constitution/article01/
(back to text)

See,
e.g., Ken Roberts Co. v. Go-To.com, No. C99-4775-THE, 2000 U.S. Dist. LEXIS
6740 (N.D. Cal. May 10, 2000) (Judgment against defendants who used plaintiff's
trademarks in meta-tags on basis of trademark law regarding false designation
of origin and trademark dilution, as well as state law claims), summary available
at http://www.finnegan.com/summ/cases/kenroberts.htm (back
to text)

To determine whether
a potential SLD is free or trademarked by another entity, one should run a trademark
search. If the enterprise intends to do business on a global basis through its
website, then it would be advisable to search for trademark conflicts on a global
basis. Trademarks registered in Europe can be searched theough the Community
Trademark Consultation Service (available at http://www.oami.eu.int/search/trademark/la/en_tm_search.cfm),
while marks registered in Canada can be searched at the Canadian
Trade-Marks Database (available at http://strategis.ic.gc.ca/cgi-bin/sc_consu/trade-marks/search_e.pl.).
For U.S. federal marks, one can run a search for potential domain names through
the U.S. Trademark
Electronic Search System (TESS) (available at http://www.uspto.gov/web/menu/tm.html)
of the United States Patent and
Trademark Office (USPTO) (available at http://www.uspto.gov). This can then
be supplemented with a quick nationwide business name search through an online
yellow pages (available
at http://www.yellowpages.com). Together, these searches will give the user
a rough idea of any potential conflicts and exhibit a good faith effort to ferret
them out, although such cursory searches do not guarantee the absence
of conflicts or indemnification of the user. An exhaustive search would
include state trademark registrations, other national registries and other business
registries. For more information on searching, see Susan E. Gindin, Researching
Trademarks (1998) at http://www.info-law.com/tmsearch.html. More comprehensive
services along these lines are available through private trademark search services
such as Trademark.com at http://www.trademark.com/new_tmdocs/index.shtml,
Thomson & Thomson at http://www.thomson-thomson.com/,
DialogWeb at www.DIALOGweb.com,
Micropatent at http://www.micropatent.com,
and Trademark Register at http://www.trademarkreg.com/.

Selection of a
domain name for an online enterprise is as complex as the process for choosing
a trademark name. Legal advice is strongly recommended to protect the value
of the entrepreneur's investment in the name from claims of infringement. In
the end, those wishing to take the most effective measures possible against
potential conflict can take steps to register their trademarks through their
local government (in the U.S., the USPTO). The USPTO website, for one, allows
users to make an official
registration filing online at http://www.uspto.gov/teas/index.html.

These boilerplate
contracts/agreements are generally nonnegotiable due to transaction costs associated
with the customization of contracts. Most registrants take substantially the
same positions in their contracts, although some have additional provisions
exceeding those above. One provision that often differs from registrar to registrar
in its specifics are the governing law and forum selection clauses, as these
tend to be tied to the registrar's place of business. In the end, very few users
will take the time to look through such provisions and most of the disputes
that arise will probably deal with the UDRP procedure and the cancellation or
transfer of a domain name. Due to the fact that many e-commerce entrepreneurs
will seek legal representation only at a later stage in the set-up process,
practitioners should be aware of these agreements should any disputes arise
at a later date or if the client wishes to modify the registration in some manner.

An example from
the UDRP context shows the importance of awareness of the specifics of a TOS.
Under the UDRP, a trademark owner who brings an action agrees to submit to one
of two possible jurisdictions should the domain holder wish to appeal an adverse
decision. The choice is between the jurisdiction of the domain holder or the
jurisdiction of the registrar. The registrar's location may therefore be important
to a domain registrant who has no prior legal rights in the domain name. The
language of the registration agreement is the language in which the UDRP must
be conducted, so this is another factor to consider in selecting one's registrar.
For those registrants with the foresight to obtain representation prior to registering
a domain name, the practitioner's comparison of the specifics of different registrars'
TOS agreements can be helpful in advising the client as to which service to
use.

The defendant in
this case had posted some allegedly defamatory statements regarding the plaintiff
on his Internet news site. The plaintiff sued not only the generator of the
content (Drudge), but also AOL, which had an exclusive agreement with Drudge
to distribute his column to its subscribers. In granting AOL's motion to dismiss
the charges against it, the court made the distinction between an ISP that actually
develops content itself - which is not covered by the 47
U.S.C. §230 immunity - and one that merely posts or distributes the
content of others. The court ruled that AOL fit in the latter category, which
was protected by the statutory immunity. The court also found unavailing the
plaintiffs' argument that this case should be decided differently than previous
cases decided under the CDA because Drudge was not merely an anonymous poster
to a chat room and AOL maintained a degree of editorial discretion over his
content. While the court recognized that such a distinction seemed logical,
it stressed that "Congress has made a different policy choice by providing
immunity even where the interactive service provider has an active, even aggressive
role in making available content prepared by others."

Gucci America represents
a departure from the trend towards a wide scope of immunity for ISPs, suggesting
that courts might impose liability on ISPs in certain circumstances. The court
in that case addressed the issue of ISP liability arising from a claim of trademark
infringement by Gucci against Hall, whose e-commerce site containing allegedly
infringing materials was hosted by Mindspring. Mindspring moved to dismiss Gucci's
claim, arguing that it was immune from liability under §230(c)(1)
of the CDA. The court rejected this claim, however, relying on §230(e)(2)
of the CDA, which states: "Nothing in this section shall be construed to
limit or expand any law pertaining to intellectual property." The court
reasoned that because, "[u]nder existing intellectual property law, publishers
may, under certain circumstances, be held liable for infringement," §230(e)(2)
unambiguously constrained it from extending the §230(c)(1) immunity to
Mindspring.

The court rejected
Mindspring's argument that because the issues of trademark infringement had
never arisen in the ISP context, there was no existing intellectual property
law to trump the immunity. Furthermore, the court found unavailing Mindspring's
reliance on Zeran,
distinguishing that case on the basis that it construed the CDA on the grounds
of tort immunity and not immunity from intellectual property claims. The fact
that Congress had chosen to pass the Digital
Millennium Copyright Act to address ISP liability in the area of intellectual
property law further supported the court's interpretation of the CDA as limited
to immunity from tort liability. The ISP was not entitled to rely on the Digital
Millennium Copyright Act, however, because the court stressed that the Act applied
only to copyright and not trademarks. While the procedural posture of the case
and the novelty of the issue leave its precedential value open to question,
it nevertheless serves as an important indication that there are limitations
to an ISP's immunity under the CDA scheme.

The notification
procedures of the DMCA have the potential to mute certain ancillary effects.
Under 17 U.S.C
§512(c)(3), a copyright holder must follow certain procedures in notifying
a service provider of copyright violations in order to force the taking down
of copyrighted materials. These notice requirements include, among others: identification
of the copyrighted work claimed to have been infringed (or a representative
list of such works), identification of the material that is claimed to be infringing
and that is to be removed or disabled, and a statement that the complaining
party has a good faith belief that use of the material in the manner complained
of is not authorized by the copyright owner, its agent, or the law.

In the recent case
of ALS
Scan v. RemarQ Communities, 239 F.3d 619 (4th Cir. 2001), the court addressed
the issue of the level of notice this DMCA provision required. The plaintiff
in that case became aware of the existence of hundreds of its copyrighted images
on the defendant service provider's newsgroups. When the plaintiff notified
the defendant of these violations by identifying two newsgroups that were devoted
to trading in the copyrighted images, the defendant refused to comply with the
request to take down the images, asking instead for the plaintiff to identify
each individual work being infringed with greater specificity. The plaintiff
filed suit under the copyright code and DMCA, which the defendant sought to
dismiss on the basis that the notice given was defective in that it did not
follow the technical requirements of the DMCA.

In reversing the
district court's dismissal of the case, the court of appeals stressed that 17
U.S.C. §512(c)(3)(A) requires only substantial compliance with its technical
requirements and that identifying a representative list of infringed works was
permissible when the identification of each individual work is impractical.
The court responded to RemarQ's claim that the forced removal of the materials
may encompass some noninfringing content by noting that "[t]o the extent that
ALS Scan's claims about infringing materials prove to be false, RemarQ has remedies
for any injury it suffers as a result of removing or disabling noninfringing
material" (239 F.3d 619, 625) under 17
U.S.C. §512(f), (g). The court's accommodating interpretation of the DMCA's
notification provision in this case suggests that service providers who attempt
to hide behind technicalities will not be able to escape punishment under the
DMCA for harboring infringing works or users. However, the ruling also has the
potential to minimize some of the built-in safeguards the notification procedure
may have otherwise had in protecting website operators and other users in borderline
cases. (ALS
Scan v. Remarq Communities is available at http:://www.loundy.com/CASES/ALS_v_RemarQ.html).

While the notice
provisions may therefore seem to tip the scales in favor of the copyright holder,
there are several provisions of the DMCA that allow a noninfringing website/user
to take action to restore its content or recover damages for the removal of
its content. The counter-notice provision, 17
U.S.C. §512(g)(3), allows for a website operator or other person whose content
is removed to file a counter-notice with the service provider stating that he/she
"has a good faith belief that the material was removed or disabled as a result
of mistake or misidentification of the material to be removed or disabled" [17
U.S.C. §512(g)(3)(C)]. If such a counter-notice is given to the service provider,
the service provider must replace the content or cease disabling access within
14 business days, unless it receives a court order from the original complainant
(copyright holder) restraining the user from continuing infringement [17 U.S.C.
§512(g)(2)(C)]. If the service provider does not follow these procedures, the
provision immunizing the provider from liability for injuries to its users from
removal/disabling access [17 U.S.C. §512(g)(1)] does not apply, allowing the
user to recover for a wrongful "take-down" [17 U.S.C. §512(g)(2)]. The other
main provision allowing a user to recover is 17 U.S.C. §512(f) concerning misrepresentations.
That provision allows for an adversely affected user to recover damages (including
attorney's fees) from anyone who "knowingly materially misrepresents … that
material or activity is infringing" [17 U.S.C. §512(f)(1)]. It should be noted
that this provision cuts both ways, however, as there is also a provision [17
U.S.C. §512(f)(2)] allowing damages to be assessed against a user for his/her
knowing misrepresentations in filing a counter-notice. To date, no published
opinions have explored the contours and boundaries of the counter-notice and
misrepresentation provisions.

It should be noted that while hosts often play various roles other than strict
access/service provider, courts are likely to grant them the wide immunity from
liability under the CDA unless it can be clearly shown that the host was acting
solely in another capacity in regards to the alleged wrongdoing. A recent case
in which this issue arose is John
Does v. Franco Productions. In that case, the court granted the defendant
hosts' motion to dismiss, ruling that their "immunity or status as service
providers under the CDA is not vitiated because of their web hosting activities,
whether viewed in combination with their roles as service providers or in isolation."
John
Does v. Franco Productions, No. 99 C 7885, 2000 U.S. Dist. LEXIS 8645, 8645
(N.D. Ill. June 2, 2000), available at http://members.theglobe.com/ericgoldman/DoevFranco.html)

The CDA "Good
Samaritan" provision applies to an "interactive computer service,"
which is defined as "any information service, system, or access software
provider that provides or enables computer access by multiple users to a computer
server." [47
U.S.C. §230(f)(2)] While determining whether an e-business fits into
this definition may depend on a court's construction of terms such as "service,"
"system," and "server," it appears there could be a plausible
claim for many e-businesses to status as an "interactive computer service,"
depending on the services offered.

Although most
cases arising under the CDA have involved traditional ISPs, a recent Ohio case
addressed the issue of whether a website operator offering interactive services
fit under the statutory definition. In Sabbato v. Hardy, No. 2000-CA-00136,
2000 Ohio App. LEXIS 6154 (Ohio Ct. App. Dec. 18, 2000) available at http://legal.web.aol.com/decisions/dldefam/sabbato.html],
the defendant ran a website called "Citizens for a Better Jackson Township"
where users could register and post opinions on the website. The plaintiff sued
when alleged defamatory content was posted on the site, but the district court
dismissed her compliant on the basis of the CDA's Good Samaritan provision,
47
U.S.C. §230(c). While the appellate court remanded to the district
court for a determination of whether the website operator himself was a generator
of some of the defamatory content, it did not upset the trial court's ruling
that his website qualified for protection under the CDA in its role as a distributor.
Based on the language of the statute and the Ohio court's interpretation, it
therefore appears that there can be a plausible claim for an e-business to immunity
from liability under the CDA for acts of its users. Due to the uncertainties
in this area, however, it may be in the best interests of an e-business to remain
ignorant of the content of its chat or other discussion areas in an attempt
to stay within the bounds of Cubby
and Stratton
should the CDA not apply. A policy of simply responding to user complaints regarding
improper content rather than actual periodic policing of the site contents may
stay within the bounds of these precedents. To this end, it is important to
spell out one's policy in regards to termination of user rights and removal
of content in the Terms of Service agreement, particularly when users are paying
a fee for interactive services.

The DMCA safe
harbor provision applies only to a "service provider," which is defined
differently for different specific provisions of the statute. For the purposes
of 17 U.S.C.
§512(a), regarding transitory digital network communications, a service
provider is defined as "an entity offering the transmission, routing, or
providing of connections for digital online communications, between or among
points specified by a user, of material of the user's choosing, without modification
to the content of the material as sent or received" [17 U.S.C. §512(k)(1)(A)].
For the rest of the DMCA's provisions, a "service provider" is defined
as "a provider of online services or network access, or the operator of
facilities therefore, [including] an entity described in subparagraph (A)"
[17 U.S.C. §512(k)(1)(B)]. The definition for purposes of §512(a)
appears to have in mind hosts (and others) providing network infrastructure
and possibly traditional ISPs, while the second provision seems to have more
room for interpretation and might allow certain e-businesses to fall within
the protection of the safe harbor.

These issues were
addressed in the much-publicized Napster case. In that case, plaintiff record
companies sued the defendant, a peer-to-peer file-sharing network enabling users
to swap music files, for copyright infringement. In dismissing Napster's motion
for summary judgment, the court rejected the application of the DMCA's safe
harbor to Napster. In its opinion, the district court first addressed the issue
of whether Napster qualified as a service provider under 17 U.S.C. §512(k)(1)(A)
or (B). [A&M Records, Inc. v. Napster, Inc., No.
C 99-05183 MHP, 2000 U.S. Dist. LEXIS 6243 (N.D. Cal. May 5, 2000) available
at http://www.gigalaw.com/library/am-napster-2000-05-12.html]. Napster argued
that it qualified as a service provider under §512(k)(1)(A), thus entitling
it to protection under the §512(a) safe harbor for transitory digital network
communications. The court expressed skepticism and opined that it was not entirely
clear whether Napster qualified as such a service provider, but did not have
to resolve the issue as the plaintiff conceded that Napster was a service provider
under §512(k)(1)(A). The plaintiff instead argued that, even if Napster
was a service provider, it failed to meet the other requirements of the safe
harbor provisions. In the end, the court declined to grant Napster summary adjudication
because Napster did not meet the requirement of the safe harbor in §512(a);
specifically, it did not "transmit, route, or provide connections through
its system" [2000 U.S. Dist. LEXIS 6243, at *25 (emphasis added)]. On Napster's
appeal from the district court's subsequent injunction, the 9th Circuit Court
of Appeals ruled that the plaintiff had raised significant questions that strongly
supported an injunction, including "whether Napster is an Internet service
provider as defined by [the DMCA]." A&M Records v. Napster, Inc., 239
F.3d 1004, 1025 (9th Cir. 2001) available at http://cyber.law.harvard.edu/~wseltzer/napster.html.

In the end, the
Napster litigation did not definitively answer the question of whether a service
such as Napster would qualify as a service provider under the DMCA, but signaled
that the courts will likely construe the statute rather narrowly. Clearly, however,
the §512(k)(1)(B) definition will be construed more broadly and may allow
for certain e-business sites fall into the definition. See Elizabeth A. McNamara
et al., Online
Service Provider Liability Under the Digital Millennium Copyright Act, 17
Comm. Law. 5, 6 (1999) ("Less obvious is the fact that the definition is
broad enough to potentially include employers that provide e-mail accounts to
their employees and other entities-including newspapers, magazines, and other
media companies-that simply host informational Web sites."), abbreviated
version available at http://www.dwt.com/related_links/adv_bulletins/CMITFall1999ISPLiab.htm.
Future cases may very well arise testing the statute and its application to
other e-commerce networks that provide interactive services, such as Amazon
and eBay, both of which are "service providers" with agents listed
with the U.S.
Copyright Office for notification of claims of infringement pursuant to
the DMCA. Until there is settled case law on the matter, the uncertainty in
the definitions of service provider should lead an e-business to take caution
and proceed under the assumption that it will not be protected by the DMCA safe
harbor provisions.

Security is an
area that is critical to the effective functioning of an e-business and has
major implications for both hosting and development agreements. Breaches of
security may lead to service interruptions and corresponding loss of business
or, worse, may lead to the loss of sensitive business information or even customer
information - ranging from email addresses to credit card numbers. Such dire
consequences make it imperative that security is given high priority in setting
up an e-commerce site and that an e-business make security a priority when arranging
for hosting and programming services. This section will address some common
concerns an e-business should consider when addressing security, including:
access attacks, information theft, and damage to equipment and systems.

Access Attacks

Access attacks,
also know as denial of service (DoS) attacks, are a relatively easy way to disable
a website. Basically, those behind such attacks overwhelm the servers, routers,
and other network infrastructure of a website by inundating the host with a
deluge of information packets, effectively crippling the website and preventing
access by customers. Such attacks have received a lot of attention recently,
as major Internet presences such as Amazon, Yahoo, and CNN have had service
disrupted for long periods of time by DoS attacks, costing the businesses millions
of dollars in lost sales. Compounding the problem for the affected websites,
the attackers in those cases used a technique that made it difficult to trace
the source of the data flood and ferret out the perpetrators - making it difficult
to both stop the flow as well as potentially seek any remuneration from or punishment
of the attackers. Such episodes exhibit the potential deleterious effects of
DoS attacks on e-businesses, where every minute of lost service may result in
hundreds of lost sales and corresponding revenue.

As DoS attacks
are not completely preventable and the motivations of attackers are unclear,
every e-business should have an emergency plan incorporating: 1) countermeasures
to be taken when such attacks occur (such as blocking packets from the originators
of the attack or having a back-up hosting arrangement to switch to in case of
an attack), 2) information-gathering techniques for determining the source of
attacks after the fact, and 3) a public relations strategy aimed at customers,
business partners, and investors addressing the loss of service and its consequences.
If an e-business utilizes an outside host instead of hosting its own website,
the countermeasure aspect of such an emergency plan is one that can take shape
in the hosting services agreement. While it is impossible for hosts to fully
prevent such attacks without seriously inhibiting the speed and efficiency of
the network backbone, most hosts have some network security resources available
to combat DoS attacks. [For one host's approach to service attacks and a more
in-depth examination of the mechanics of such attacks, see Bill Hancock, The
Exodus Network Backbone Environment and DoS/DDoS Attacks, Network Attacks:
Denial of Service And Distributed Denial of Service, available at http://www.exodus.com/press_room/information/ddos/ddos_content.html.]
When arranging for a host, an e-business should inquire into how the host typically
handles DoS attacks and a client's options in minimizing the impact of or thwarting
such attacks. An agreement between e-business and host can then incorporate
a plan in the case of a DoS attack - what the parties' responsibilities are
in handling the attack, any guarantees a host may make concerning its ability
to reroute traffic and limit the scope/duration of an attack, and other issues
relating to allocation of risk and responsibility (e.g., who will be held liable
for injuries to third parties, such as customers).

Information
Theft

Information theft
can have even greater negative effects than an access attack. While DoS attacks
may leave customers frustrated and cut into a day's revenues, the stealing of
proprietary information can lead to loss of sensitive business information ranging
from financial data to long-term corporate strategy. If customer information
is stolen, such theft can also lead to the erosion of customers' trust in both
a specific e-business as well as the general medium of online business transactions.
In addition, such theft may result in a lawsuit directed at the e-business for
not adequately safeguarding such information. Thus the loss of proprietary information
can often have longer lasting effects than mere denial of service and resulting
loss of sales.

While DoS attacks
work by overwhelming one's network infrastructure, information theft is achieved
by exploiting weaknesses in software and technological protections. Proprietary
information may be stolen by hackers getting around or through a network's firewall,
[FN: For a discussion of firewalls and their mechanics, see Matt Curtin and
Marcus J. Ranum, What
Is an Internet Firewall?, INTERNET FIREWALLS: FREQUENTLY ASKED QUESTIONS,
available at <http://www.interhack.net/pubs/fwfaq/#SECTION00031000000000000000>]
by unscrupulous programmers who leave a backdoor in software applications for
their access at a later time, or by disgruntled employees with access to files
who wish to personally profit from company information/resources. Dealing with
employees who may have the motive and means to steal sensitive company information
is largely an internal personnel and security matter for an e-business to address.
Problems due to hackers penetrating a network or programming deficiencies allowing
access to sensitive information, on the other hand, must be addressed when considering
developing in-house programmers or outsourcing programming. If an e-business
determines it is in its interest to outsource such services, potential partners
should be vigorously screened and service agreements should be carefully drafted
to ensure specific security standards as well as allocate responsibility for
security breaches.

Damage to
Equipment, Software or Data

A third and final
type of security threat is damage to equipment, software, or data. Damage to
equipment can be prevented in a relatively straightforward manner by assuring
limited access to equipment and appropriate physical security. For those e-businesses
housing their hardware at their offices, the nature of the business makes it
imperative that a high priority is given to ensuring the physical security of
system hardware. The level of physical security is also an important issue to
consider when choosing a host, and is a consideration that should be explicitly
addressed in any hosting agreement. Software and data can be corrupted or damaged
by viruses that are permitted to enter a business' internal network or directly
by those who gain access by penetrating a firewall or exploiting another weakness.
The risk of damage by viruses can be minimized by adopting appropriate technological
measures to screen incoming packets, while damage resulting from unauthorized
access can be combated by taking the measures to minimize information theft
discussed above. Even if these technological measures fail, an e-business can
minimize the fallout from damage to software and data by periodically backing
up data and applications to utilize in the event of damage or corruption. While
the total loss of information through information theft can often cause irreparable
damage, a well-prepared e-business can seriously minimize the negative impact
of data/software damage through such periodic backups.

Minimizing
Security Risks Through Audits and Contracts

An e-business
can additionally minimize all these types of security risks by hiring a third-party
security consultant to conduct periodic audits of the business network and/or
physical premises for weaknesses in security. Such auditors can often detect
hidden backdoors in programs, weaknesses in firewalls, as well as prior undetected
security breaches. Some businesses may also wish to create a position for a
chief security officer or make sure its systems administrator has expertise
in security issues. As discussed above, however, many security concerns can
be effectively dealt with through appropriate agreements with service providers
(hosts, programmers, etc.). To this end, the e-commerce practitioner should
be aware of the following security issues when drafting agreements for an e-business
client: [Note: While the preceding discussion and following lists separate hosting
and programming services, note that hosts often provide some programming as
part of their package of services, particularly in areas such as firewalls.]

Hosting
Agreements:

How does the
host generally handle DoS attacks? (What is its default position?)

What services
does it offer to thwart/minimize the impact of DoS attacks? What security
options does it recommend as a core package?

How will the
proposed security measures affect network performance?

Can DoS attacks
launched at other businesses hosted in the same facility affect the client
e-business' own website?

Does the host
have its own network security personnel or is such security work outsourced?

What is the
level of physical security (access, alarms, guards, etc.) at the hosting facility?

What security
problems/breaches have arisen in the past and what has been done to prevent
their recurrence? (One may choose to draft an agreement incorporating certain
types of risks as being the responsibility of one or another party; a list
of past problems establishes the foreseeability of particular kinds of breaches.)

What guarantees
is the host willing to make concerning both physical and technological security
measures? Does it carry liability insurance? (Due to the great loss of money
that may result from loss of service, an E-business should consider a contracting
party's ability to pay should damages result from a security breach.)

Development
agreements:

What level
of technological security measures is available? What level is recommended?
(As with most business decisions, choosing the level of security involves
a cost-benefit analysis - the extra security from a more expensive technological
protection may not be worth the cost.)

How do various
levels of security affect the performance of software applications or the
website as a whole?

Have other
clients had security problems with any of the programmer's services/products?
What was done to remedy such problems?

What guarantees
is the programming service willing to make regarding the inviolability of
its technological security protections? Does it carry liability insurance?

Another option for advertising is the use of advertising exchanges, which match-up
websites looking for advertising. Such exchanges, like Microsoft's
bCentral (available at http://adnetwork.bcentral.com/), work by trading
advertising space on one website for space on another member's site. The advantage
of such services is that they are free alternatives to seeking out high-priced
advertising space on other websites. On the downside, it is more difficult to
target advertising to a particular audience, and the viewing audience may be
much smaller due to the fact that most high-traffic sites do not participate
in such programs. Furthermore, there may be less control over what types of
sites end up advertising on the websites of participating members. Some of these
problems may be minimized by joining an exchange that offers a different package
of services (often for a fee), such as more targeted advertising by linking
members in similar fields, better tracking of visitors to advertisers' sites,
etc.

Utilizing an advertising
exchange service may pose problems regarding copyright or trademark infringement
through linked advertising due to the fact that the individual advertisers do
not come together to draft an advertising agreement. Most of the services include
indemnification for the exchange providers themselves in the case of infringement
or other wrongdoing, but this leaves open the possibility of causes of action
against either an advertiser or a host. When signing up for such a service,
an e-business should be aware of the terms and conditions of the exchange service
itself, as well the exchange's policy regarding its members when instances of
infringement or other wrongdoing arise. Due to potential problems in these areas,
an e-business should be careful in choosing an advertising exchange provider
by inquiring into whether past situations regarding infringement have arisen
and how they were handled.

A good example
of default standards dealing with the legal issues surrounding online advertising
arrangements is the "Standard Terms and Conditions for Internet Advertising"
devised by the American Association of Advertising Agencies (AAAA) and the Internet
Advertising Bureau (IAB). These standard terms, meant to cover agreements between
an advertiser and advertising host (termed "Media Company" in the
standards), address a variety of issues, including: insertion orders (orders
concerning accounting of data related to advertising - number of clicks on an
advertisement, the costs of the party making such calculations, etc.), ad placement
and positioning, payment and payment liability, reporting, cancellation, ad
materials, indemnification, and privacy. In regard to the aforementioned issues
of copyright and trademark infringement and consumer loss, the standards set
the default rule of indemnifying the host (media company) for "any loss
relating to or arising out of Advertiser's product or the content of any Advertisement
delivered accurately, including but not limited to materials that violate the
right of a third party; materials that are defamatory or obscene; or materials
that would constitute a criminal offense." [American Association of Advertising
Agencies and Internet Advertising Bureau, Standard
Terms and Conditions for Internet Advertising, Mar. 19, 2001 at 6, available
at http://www.iab.net/news/content/T_CInternetAdv.doc]. Advertisers and hosts
looking for a basic set of contractual provisions may choose to use these terms
and conditions, which are totally voluntary and represent a standard default
contract of those wishing to cut transaction costs. The standards also can be
used to the extent they are practical, with the parties making changes to any
of the provisions in order to tailor a more specific agreement or one on different
terms. While advertising exchanges are not covered, the drafting organizations
plan to meet in the future to discuss standards for advertisers utilizing third-party
advertising servers.

The practice of
ISPs blocking email from generators of unsolicited mail may prevent an e-business
from reaching both unwilling and willing recipients of marketing emails. They
also join in private "vigilante" groups that act to block email from
spammers. One such effort is the Real-time
Blackhole List (RBL) of the Mail Abuse Prevention System (MAPS) (accessible
at http://mail-abuse.org/rbl/). The RBL works by identifying generators of spam
and then "blackholing" the networks utilized by the spammers if the
ISP used by the offending party refuses to take measures to prevent access by
the spammer. This process involves rerouting mail sent by offending parties
to an online "blackhole," which prevents all mail (both solicited
and unsolicited) originating from a network on the RBL from being received by
subscribers to the RBL. Another service that operates to block email generated
by spammers is the Open
Relay Behaviour-modification System (ORBS) (accessible at http://www.orbs.org/whatisthis.html)
which operates in a slightly different manner than the MAPS RBL.

These private
spam-blocking services and other similar services have an advantage over the
proposed legislation because they block unsolicited emails before they are received
rather than imposing penalties after the fact, and they also reach non-U.S.
spam-generating entities, which the legislation may be powerless against. Such
private services have drawn the ire of many bulk emailers, however, and several
lawsuits have been threatened or initiated against such blocking services for
interfering with the business of the email generators. Most of the cases have
been dismissed by the courts, or settled as a result of the offending party
amending its email policy. MAPS webpage reporting on the litigation at http://mail-abuse.org/pressreleases/.
But see also Christopher Saunders, 24/7
Media Snags Restraining Order Against MAPS, INTERNET.COM (Nov. 17, 2000)
available at http://www.internetnews.com/IAR/article/0,,12_514611,00.html.

One problem with
search engines that utilize web crawling robots, however, is that they may index
portions of websites that an e-business does not wish users to link to directly
from a search engine. For example, some websites may wish for all traffic to
originate at its main homepage, either to maximize advertising revenues, make
sure visitors are aware of the full range of services and products offered,
or for other similarly compelling reasons. A search engine that links to internal
pages discovered by robots may bypass such a main page in taking the searcher
to the desired target. An additional problem with robot-utilizing engines is
that valuable system resources might be consumed by robots crawling through
and searching an entire website. For a discussion of legal issues involving
the use of robots in a somewhat different context, see eBay,
Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000), available
at http://pub.bna.com/lw/21200.htm. These problems can often be remedied, however,
by simply programming a web page to not accept web crawling robots and therefore
exclude such pages from consideration in a search engine. Google, for one, offers
website administrators tips on how to keep certain parts of its website off
limits to its Googlebot. See How
Do I Request Google to Not Crawl Parts or All of My Site?, GOOGLE SEARCH
FREQUENTLY ASKED QUESTIONS, available at http://www.google.com/help/faq.html#nocrawl.
This may pose a dilemma for e-businesses, though, as users who would otherwise
be directed to a part of their website may not retrieve information about the
website at all, and may even be led to a competitor's site. These considerations
should be taken into account when determining whether certain portions of a
website should remain robot-free. Regardless of the decision made, search engines
utilizing "bots" are another important (and free) tool directing Internet
users to an e-business website.

Basic Search
Engine Ranking Schemes - Automated v. Human

When considering
using either of the above types of search engines, an e-business should assess
how the different search engines rank search results. The higher the ranking
a search engine gives a website, the higher it appears on the list of sites
returned after a search is conducted. Google utilizes its PageRank software
to rank websites according to specified criteria, such as the number of links
from other sites, importance of the website, relevance, and quality. These complex,
automated techniques "make human tampering with [Google's] results extremely
difficult" (Integrity,
GOOGLE SEARCH TECHNOLOGY, available at http://www.google.com/technology/index.html)
and Google does not sell placement within the results themselves. Yahoo! also
does not sell higher rankings to those willing to pay, but does use a more subjective,
human-oriented method of determining rankings than Google's automated approach.
See Suggested
Sites Help, YAHOO!, available at http://help.yahoo.com/help/us/url/url-10.html.

Keywords
and Tags

For ComeStudyAbroad.com,
for instance, the keywords "international," "study," and
"students" would be a good start. When determining keywords, an e-business
should also keep in mind to add common variations of the words used, such as
capitalized versions and common misspellings or alternate spellings (such as
U.K. English).

After an e-business
determines the keywords to be used, it must go about the task of incorporating
them into both the content of the website itself as well as the internal programming
code used. When incorporating keywords into site content, the e-business should
make sure to consider keyword prominence, proximity, and frequency. Keyword
prominence is important for search engines that base their descriptions of websites
on the first words found on a page. For such search engines, it is important
to put keywords at the top of a page, so they most closely reflect what a site
is about in the site description returned in a search. Keyword proximity is
a factor used by some search engines when determining what pages to receive.
If a user runs a search for "international" and "study,"
for instance, a page that contains the words in close proximity in its text
(such as "The best internationalstudy resource guide on
the Internet" or "Want to study in an international
setting?") is more likely to be returned as a relevant search result. Keyword
frequency simply measures the number of times a keyword appears in any given
text. In theory, the higher the ratio of keywords to text, the greater likelihood
the website will be returned as a result of a search for those keywords. In
practice, some search engines look out for websites' attempts to manipulate
search results and punish parties guilty of such altering tactics.

Keywords also
play an important role in the source code for a website, which is generally
unseen by the viewer. Some search engines use the tags found in a site's source
code to determine the relevance of a particular site to a searcher's request.
There are different types of tags used in web programming and read by search
engines, including meta keyword tags, meta description tags, ALT tags, and comment
tags. Keyword tags are basically lists of a website's keywords in the source
code. As some search engines use meta keyword tags to determine whether a cataloged
website is relevant to a particular search, utilizing the keyword tag in programming
source code is an easy way to make sure a website is matched up with an appropriate
target audience. The meta description tag is a description of a website's content
in the source code. The meta description tag is used by some search engines
as the basis for determining the relevance of a website to a search, the description
of a site to be listed under search results, or both. Because some search engines
use the meta description tag to determine the relevance of a website to a search,
it is important to include appropriate keywords in this source code description
as well. To the extent that some search engines will also use this tag as the
description for search results, it is also important for the purposes of click
frequency to make sure the tag entices the searcher to enter the site. ALT tags
are used in source code to describe an image that appears on a page, while comment
tags are internal notes used by source code programmers. While these do not
have the importance of the keyword and description tags, some search engines
that use spiders scan these tags, and adding keywords to them will increase
keyword frequency and can therefore potentially increase the relevance of a
website to a search. For more information on the use of tags and general tips
for optimizing search engine results, see the guides at SearchEngines.com
(available at http://www.searchengines.com/intro_optimize.html) and SearchEngineWatch.com
(available at http://searchenginewatch.com/webmasters/index.html).